Sunday, November 13, 2011

System Cleanup Tips for better performance

I just read an artcle on the Windows Secrets site about a test a guy did where he installed the 20 most popular programs from cnet and then uninstalled them. They slowed down the boot up time of his computer a lot even after being uninstalled.

He used three different cleaner utilities to try to help the situation and they all worked quite well.

so, for future reference, here's a short how-to.

He used CCleaner’s file and Registry cleanup routines in their default settings and it worked.

Without even downloading anything, you can use Windows cleanmgr to cleanup. Click Start, type cmd and click the icon to start a DOS prompt. Type cleanmgr and enter. This should run the Disk Cleanup util. You get more functionality if you start it this way. You should be able to delete most of the items on the list that Disk Cleanup gives you. I uncheck Hibernation, Recycle Bin (I sometimes have things in there I end up needing), and setup log files (useful -for me- diagnostics in there)

There are also two uninstall programs you can use to clean up. Revo Uninstaller, and there is a Microsoft Fix-It that will help uninstall crap at

I've used the Revo Uninstaller in situations where the Add Remove Programs control panel applet is blank. I was able to remove programs even though the Add Remove Programs wouldn't work.

Microsoft used to offer the Windows Installer CleanUp Utility, which can still be found for download if you search. I found it on the MajorGeeks website. But this utility is no longer compatible with current versions of Office. But I've used the utility to uninstall other programs, like the remnants of the VZAccess Manager for Verizon Wireless data connections, and the drivers for the tethered device.

Monday, October 03, 2011

Modulus mismatch, key file does not match certificate

Modulus mismatch, key file does not match certificate

I got this error message when trying to install an SSL certificate in Webhost Manager, the Cpanel hosting administration interface.

This error comes from not having the .key that matches the cert you are trying to install. When you go through the SLL certificate creation process, you have to generate a Certificate Signing Request(CSR). Your Webhost may do this for you, or you might have done it in Cpanel or WHM. In any case, the CSR contains the .key that matches your SSL cert. It's the Private Key.

Copy this and paste it in the box below the SSL certificate.

Note: When you paste in the SSL cert, as soon as you click outside the SSL text entry box, or <Tab>, the server will fill the key box with something. You have to "select all" in the second box, and then paste your key instead.

Thursday, July 28, 2011

Solve Media's CAPTCHAs won't solve the problem that CAPTCHAs need to solve

Updated May 14, 2014

CAPTCHAs are needed in order to keep spammers out of your web site. Solve Media's CAPTCHAs won't do that, and here's why.

Location is everything, right? All the good locations for ads on web pages are already saturated, right? There is a post on Tech Crunch raving about a new advertising location. Solve Media uses the CAPTCHA as an advertising platform. Apparently they are having great success and Tech Crunch certainly seemed enthusiastic in their writeup.

But as a webmaster who has NEEDED a captcha I can tell you that their captchas are a waste of time.

One of the purposes of a CAPTCHA is to prevent bots from registering, and this CAPTCHA may work for that, but what about humans?

All of Solve Media's captchas can be solved by anyone who can read English.

You need something different to keep out the spammers.

There is a whole industry in India based around solving CAPTCHAs in order to get accounts on websites for spamming purposes. They register users on forums for hire. They advertise based on how many thousands of captchas per hour they can solve.

The only thing I have found that works to prevent the spammers is to use something like this: Sortables Captcha Plugin and load it with questions that only people familiar with your topic will be able to answer.

I have used this CAPTCHA on several video game related forum style websites, and it's easy to set it up using terms from the game. People who don't play the game, and who are getting paid to solve THOUSANDS of CAPTCHAs per hour won't be able to solve it, or take the time to figure it out, and bots can't solve it at all. How does it work for the people that want to register for the game related forum? Fine, just fine. I have never had anyone complain, and we get plenty of registrations, and zero spammers.

I think the Sortables CAPTCHA will work well for this purpose whenever your website pertains to a niche topic, which is very common. I'm sure you could think of a way that would also foil foreign culture CAPTCHA solvers even if you had a general interest site.

As far as I know, this CAPTCHA only exists for phpBB, and I wonder why, since it has been so amazingly effective. I hope that someone will take this idea and make a plugin for some other CMS types.

Websites that have contact forms won't get spammed by forum posters, but lead forms, sample request forms, or contact forms do get hit by spam bots a lot. For those types of user forms I use the Hivelogic Enkoder to obfuscate the form HTML. The Enkoder scrambles the form HTML into a bunch of crazy Javascript. Browsers decode the Javascript and display the form to a normal person using your site, but all the spam bots see is a...well, nothing. Bots don't decode it. They don't even know a form is there.

You may get a few actual humans that submit the form and ask you to help with transferring vast sums of cash from a former African dictator's bank accounts, but for my users this has been rather uncommon.

Note: I see that I have failed to capitalize CAPTCHA consistently throughout this post. And I don't care. I am lazy. What can I say?

Monday, July 11, 2011

Googlebot doesn't see embedded product descriptions from Netsuite

Googlebot doesn't see the content on your page if it comes from embedded javascript.

So if you embed your product description from Netsuite into static pages, Google will never index those descriptions. So it doesn't matter if you use SEO keyword terms in the descriptions. And it doesn't help to use keywords in the Netsuite descriptions. And it will hurt your product's search engine rankings unless you include a fair amount of keywords in other places on the page.

This isn't just about Netsuite. Any content that is embedded in a page using javascript is invisible to Google. I just discovered it while testing product pages with the descriptions embedded using the code from Netsuite WSDK.

At least according to the Webmaster Tools "Fetch as Googlebot" in Diagnostics.

Friday, June 17, 2011

Netsuite sucks: let me count the ways

Embedding the Add to Cart button in a static page. The embed code that Netsuite provides? 49 wc3 html validation errors in 44 lines.

Thursday, May 19, 2011

Three good CSS and Javascript resources

Whilst writing HTML this week I ran across a couple nice resources
For understanding CSS cascade - which CSS rules will apply when the document is rendered.
Soh Tanaka has a bunch of great tutorials on CSS and jQuery javascipt.
Also has a bunch of CSS goodness and javascript goodies.

Friday, May 13, 2011

"Good, Free Antivirus" question

Question from a reader:
Is there a good, free antivirus software I can download? I have the Verizon security suite, but I'm quite sure it's not catching everything. Barring that, what's the best way to clean the viral crap off my computer?

Are we talking about a program that runs all the time and tries to catch virii before they get installed, or one that removes them after?

For prevention, Microsoft Security Essentials or Avast seem to be the best free options.

Whatever VZ is using is probably pretty good too. None of them are perfect...paid or free.

For removal I would use more than one scanner to remove virii. has a free online scanner. MalwareBytes offers a free scanner that you download and install.

In all post-infection cases, you want to make sure that the scanners are not identifying false-positives. Set them to notify but not clean (or delete or quarantine). That's why we use multiple scanners. If they agree that a file contains a threat, then we quarantine (remove...delete) it.

If you are talking general computer cleaning, CCleaner is good but it will help you remove things that you really didn't want removed. WinDirStat will show you what is taking up all the space on your hard drive.

Tuesday, May 10, 2011

Update on Fake Alert Virus Infections

Seems like everyone I know has been getting hit by this malware. Sophos reports that there are over a half million variations of this attack! Thus far, Malwarebytes and Combofix have been successful in removing it, followed by scan with multiple anti-virus programs using their free online scanners. I've had to boot the computers into Safe Mode (press and hold F8 while the computer boots up and choose Safe Mode with Networking) in order to be able to even run Malwarebytes but it works. Also, rebooting into Safe Mode has re-enabled the previously installed anti-virus programs to be able to run as well, such as Microsoft Security Essentials. MSE was also able to remove the fake alert virus in Safe Mode.

Combofix, while effective, just removes things and makes changes without asking you. It removed my custom Hosts file, which I then had to replace.

Wednesday, April 27, 2011

Fake Alert Attack and possible prevention

Computer was attacked TWICE today by Fake Alert virus while searching for pictures of art from Mali.

The first time, I clicked the X on the box that popped up to tell me that I supposedly had a virus. I got virus files in my computer this way.

The second time I just used the Task Manager to kill the browser without clicking anywhere in the browser window. No virus files made it into my computer.

It was interesting to have it happen to me. I've removed several of these infestations from client computers this year and I thought they were being infected because they weren't savvy enough to avoid the attack. But, it doesn't matter if you are tech savvy or not. I was using Chrome, had Flash and Java updated, and I have Windows patched. You just have to click on an unlucky link.

My advice is Don't Click on ANYTHING after the first fake alert pops up! Use the task manager (ctrl+shift+escape) to end the browser process without touching(clicking in) the browser window.

Thursday, April 21, 2011

Confusing Analytics Duplicate Profile Instructions

So this looks confusing to me. The first paragraph mentions that we might not want to affect the data in our main profile, and the second paragraph says that the tracking code is identical and data will be imported simultaneously into both profiles.

in reference to: How do I create a duplicate profile in my account? - Analytics Help (view on Google Sidewiki)

Friday, January 14, 2011

Building Trust With Web Design 101

A link is a promise, the text of the link tells the user what they are being promised.